Merge pull request #1823 from safing/fix/public-suffix-domain-list

Fix domain list generation within public suffix
2025-04-09 13:39:10 +00:00 · 2025-02-27 12:10:28 +01:00 · 2025-02-27 12:10:28 +01:00 · 7373b8868b
commit 7373b8868b
parent fdca991166 76c352da5a
2 changed files with 52 additions and 15 deletions
--- a/service/intel/entity.go
+++ b/service/intel/entity.go
@ -397,28 +397,32 @@ func (e *Entity) getDomainLists(ctx context.Context) {
 }

 func splitDomain(domain string) []string {
-	domain = strings.Trim(domain, ".")
-	suffix, _ := publicsuffix.PublicSuffix(domain)
-	if suffix == domain {
+	// Get suffix.
+	d := strings.TrimSuffix(domain, ".")
+	suffix, icann := publicsuffix.PublicSuffix(d)
+	if suffix == d {
 		return []string{domain}
 	}

-	domainWithoutSuffix := domain[:len(domain)-len(suffix)]
-	domainWithoutSuffix = strings.Trim(domainWithoutSuffix, ".")
-
-	splitted := strings.FieldsFunc(domainWithoutSuffix, func(r rune) bool {
+	// Split all subdomain into labels.
+	labels := strings.FieldsFunc(d[:len(d)-len(suffix)], func(r rune) bool {
 		return r == '.'
 	})

-	domains := make([]string, 0, len(splitted))
-	for idx := range splitted {
-
-		d := strings.Join(splitted[idx:], ".") + "." + suffix
-		if d[len(d)-1] != '.' {
-			d += "."
-		}
-		domains = append(domains, d)
+	// Build list of all domains up to the public suffix.
+	domains := make([]string, 0, len(labels)+1)
+	for idx := range labels {
+		domains = append(
+			domains,
+			strings.Join(labels[idx:], ".")+"."+suffix+".",
+		)
 	}
+
+	// If the suffix is not a real TLD, but a public suffix, add it to the list.
+	if !icann {
+		domains = append(domains, suffix+".")
+	}
+
 	return domains
 }

--- a/service/intel/entity_test.go
+++ b/service/intel/entity_test.go
@ -0,0 +1,33 @@
+package intel
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var splitDomainTestCases = [][]string{
+	// Regular registered domains and subdomains.
+	{"example.com."},
+	{"www.example.com.", "example.com."},
+	{"sub.domain.example.com.", "domain.example.com.", "example.com."},
+	{"example.co.uk."},
+	{"www.example.co.uk.", "example.co.uk."},
+
+	// TLD or public suffix: Return as is.
+	{"com."},
+	{"googleapis.com."},
+
+	// Public suffix domains: Return including public suffix.
+	{"test.googleapis.com.", "googleapis.com."},
+	{"sub.domain.googleapis.com.", "domain.googleapis.com.", "googleapis.com."},
+}
+
+func TestSplitDomain(t *testing.T) {
+	t.Parallel()
+
+	for _, testCase := range splitDomainTestCases {
+		splitted := splitDomain(testCase[0])
+		assert.Equal(t, testCase, splitted, "result must match")
+	}
+}